<?php

/**
 * 管理员
 *
 * @package		Hooloo framework
 * @author 		Bill
 * @copyright 	Hooloo Co.,Ltd
 * @version		1.0
 * @release		2017.05.08
 */
defined('BASEPATH') OR exit('No direct script access allowed');

class Adm extends Controller {
	public function __construct() {
		parent::__construct();
	}

	/**
     * 列表
     */
	public function index($username = "", $p = 1) {
		//接收参数
		$username = urldecode(sql_format($username));
		$p = intval($p);
		
		//用户搜索
		if ($username) {
			$where = " where username like '%$username%'";
		} else {
			$username = 0;
			$where = " where 1=1";
		}
		
		//数据分页
		$p = (int)$p <= 0 ? 1 : (int)$p;
		$pize = 15;
		$start = ($p - 1) * $pize;
		
		//查询总数
		$sql = "select count(*) as c from admin" . $where;
		$total = $this->db->query($sql)->row_array();
		$total = $total["c"];
		
		//分页查询
		$sql = "select * from admin" . $where . " order by id desc limit $start, $pize";
		$list = $this->db->query($sql)->result_array();

		//分页展示
		$url = "/" . $this->_controller . "/" . $this->_action . "/" . $username . "/";
		
		$page = page_format($total, $pize, $p, $url);
		
		$role = array("超级管理员", "普通管理员", "开会员");
		
		//分配展示
		$this->assign("list", $list);
		$this->assign("total", $total);
		$this->assign("page", $page);
		$this->assign("username", $username);
		$this->assign("role", $role);
		$this->display();
	}
	
	/**
     * 新增
	 * @param	string	$username	帐号
     * @param	string	$password 	密码
     * @param	string	$nickname 	姓名
     * @param	int		$is_locked 	是否禁止访问本网站，1：禁止，0：允许
     * @param	int		$role_id 	所属角色0-超级管理员，1-普通管理员
     * @param	array	$result 	返回结果
     */
	public function add() {
		if (IS_POST) {
			//接收参数
			$username = isset($_POST["username"]) ? substr(sql_format($_POST["username"]), 0, 10) : "";
			$password = isset($_POST["password"]) ? $_POST["password"] : "";
			$repassword = isset($_POST["repassword"]) ? $_POST["repassword"] : "";
			$nickname = isset($_POST["nickname"]) ? substr(sql_format($_POST["nickname"]), 0, 12) : "";
			$is_locked = isset($_POST["is_locked"]) ? (int)$_POST["is_locked"] : 0;
			$role_id = isset($_POST["role_id"]) ? (int)$_POST["role_id"] : 0;
			
			//校验参数
			if (! $username) {
				ajax_return(0, "帐号不能为空");
			} elseif (strlen($username) < 4 || strlen($username) > 10) {
				ajax_return(0, "帐号长度4至10位字符");
			}
			if (! $password) {
				ajax_return(0, "密码不能为空");
			} elseif (strlen($password) < 6 || strlen($password) > 12) {
				ajax_return(0, "密码长度6至12位字符");
			} elseif ($password != $repassword) {
				ajax_return(0, "两次密码不一致");
			} else {
				$password = md5($password);
			}
			if (! $nickname) {
				ajax_return(0, "名称不能为空");
			}
			
			//判断代理商是否存在
			$sql = "select username from admin where username = '$username' or nickname = '$nickname'";
			$admin = $this->db->query($sql)->row_array();
			if ($admin) {
				ajax_return(0, "帐号已存在，请更换其他帐号");
			}
			
			//插入代理商信息
			$reg_date = time();
			$sql = "insert into admin (username, password, nickname, is_locked, role_id, reg_date) values ('$username', '$password', '$nickname', $is_locked, '$role_id', $reg_date)";
			$this->db->query($sql);
			$res =$this->db->insert_id();
			if (! $res) {
				ajax_return(0, "添加失败");
			} else {
				ajax_return(1, "添加成功", "/adm/index");
			}
		}
		
		$role = array("超级管理员", "普通管理员", "开会员");
		$this->assign("role", $role);
		$this->display();
	}
	
	/**
     * 编辑
	 * @param	int		$id			管理员id
	 * @param	string	$username	帐号
     * @param	string	$password 	密码
     * @param	string	$nickname 	姓名
     * @param	int		$is_locked 	是否禁止访问本网站，1：禁止，0：允许
     * @param	int		$role_id 	所属角色0-超级管理员，1-普通管理员
     * @param	array	$result 	返回结果
     */
	public function edit($id = 0) {
		//接收参数
		$id = intval($id);
		
		if (IS_POST) {
			$username = isset($_POST["username"]) ? substr(sql_format($_POST["username"]), 0, 10) : "";
			$password = isset($_POST["password"]) ? $_POST["password"] : "";
			$repassword = isset($_POST["repassword"]) ? $_POST["repassword"] : "";
			$nickname = isset($_POST["nickname"]) ? mb_substr(sql_format($_POST["nickname"]), 0, 12) : "";
			$role_id = isset($_POST["role_id"]) ? (int)$_POST["role_id"] : 0;
			
			//判断该帐号是否为超级管理员
			if (0 != $_SESSION["admin"]["role_id"]) {
				ajax_return(0, "您不是超级管理员，不能操作其他管理员");
			}
			
			//校验参数
			if (0 >= $id) {
				ajax_return(0, "参数有误");
			}
			if (! $username) {
				ajax_return(0, "帐号不能为空");
			} elseif (strlen($username) < 4 || strlen($username) > 10) {
				ajax_return(0, "帐号长度4至10位字符");
			}
			if (! $nickname) {
				ajax_return(0, "名称不能为空");
			}
			
			//判断是否存在
			$sql = "select username from admin where id = '$id'";
			$admin = $this->db->query($sql)->row_array();
			if (! $admin) {
				ajax_return(0, "非法请求");
			}
			
			//判断帐号重复
			$sql = "select id from admin where username = '$username' and id != $id";
			$admin = $this->db->query($sql)->row_array();
			if ($admin) {
				ajax_return(0, "帐号已存在");
			}
			//判断名称重复
			$sql = "select id from admin where nickname = '$nickname' and id != $id";
			$admin = $this->db->query($sql)->row_array();
			if ($admin) {
				ajax_return(0, "名称已存在");
			}
			
			//更新信息
			if ($password) {
				if (strlen($password) < 6 || strlen($password) > 12) {
					ajax_return(0, "密码长度6至12位字符");
				} elseif ($password != $repassword) {
					ajax_return(0, "两次密码不一致");
				}
				$password = md5($password);
				$sql = "update admin set username = '$username', nickname = '$nickname', password = '$password', role_id = $role_id where id = $id";
			} else {
				$sql = "update admin set username = '$username', nickname = '$nickname', role_id = $role_id where id = $id";
			}
			$this->db->query($sql);
			
			//返回结果集
			ajax_return(1, "更新成功", "/adm/index");
		} else {
			if (0 >= $id) {
				$this->error("参数有误");
			}
			//查询详情
			$sql = "select * from admin where id = $id";
			$result = $this->db->query($sql)->row_array();
			if (! $result) {
				$this->error("帐号不存在");
			}
			
			//分配展示
			$role = array("超级管理员", "普通管理员", "开会员");
			
			$this->assign("role", $role);
			$this->assign("result", $result);
			$this->display();
		}
	}
	
	/**
     * 更改状态
	 * @param	int		$id			管理员id
     * @param	array	$result 	返回结果
     */
	public function change($id = 0) {
		if (IS_POST) {
			//接收参数
			$id = intval($id);
			
			//校验参数
			if (0 >= $id) {
				ajax_return(0, "非法请求");
			}

			//查询记录
			$sql = "select is_locked from admin where id = $id";
			$result = $this->db->query($sql)->row_array();
			if (! $result) {
				ajax_return(0, "帐号不存在");
			}
			
			//判断当前状态
			if ($result["is_locked"] == 0) {
				$is_locked = 1;
			} else {
				$is_locked = 0;
			}
			
			//更新记录
			$sql = "update admin set is_locked = $is_locked where id = $id";
			$this->db->query($sql);
			$return["locked"] = $is_locked;
			$return["id"] = $id;
			$return["field"] = "locked";
			
			//返回结果集
			ajax_return(1, "状态已更新", $return);
		}
	}
	
	/**
     * 删除
	 * @param	int		$id			管理员id
     * @param	array	$result 	返回结果
     */
	public function delete($id = 0) {
		if (IS_POST) {
			//接收参数
			$id = intval($id);
		
			//校验参数
			if (0 >= $id) {
				ajax_return(0, "参数有误");
			}
			
			//判断管理员是否为自己
			if ($id == $_SESSION["admin"]["id"]) {
				ajax_return(0, "您不能删除自己");
			}
			
			//判断该帐号是否为超级管理员
			if (0 != $_SESSION["admin"]["role_id"]) {
				ajax_return(0, "您不是超级管理员不能删除");
			}
			
			//删除管理员
			$sql = "delete from admin where id = $id";
			$this->db->query($sql);
			
			//返回结果集
			ajax_return(1, "管理员已删除");
		}
	}
}
